Trend Micro’s latest cyber threat report spotlights new criminal tactics

Trend Micro Incorporated, a global cybersecurity leader, has revealed that it blocked more than 10 million email threats, over 800 000 malicious URLs and almost 4 500 malicious mobile apps targeted at Nigerian businesses and consumers between January and June 2023.

This comes at a time when the complexity of the country’s cybersecurity threat landscape continues to intensify.

These findings are brought to life by the Trend Micro 2023 Midyear Cybersecurity Threat Report, which presents highlights from the company’s telemetry covering the broadest attack surface view across millions of commercial and consumer clients.

The report also uncovers key trends in criminal techniques, tactics and threat actor activity, providing important guidance for defenders looking to stay one step ahead of calculating cyber criminals.

“With each passing month the local threat landscape becomes more intricate and convoluted. Our latest research shows that illegal actors are shifting targets and getting increasingly creative to become more efficient and prolific. Prioritizing a set of proactive and holistic security solutions has never been more important,” says Gareth Redelinghuys, Country Managing Director, African Cluster at Trend Micro.

READ ALSO: Trend Micro teams up with INTERPOL to fight African Cybercrime Networks  

During the first half of 2023, around 2.4 million malware families were blocked by Trend Micro in Nigeria. Ransomware, in particular, is a challenge for local companies, with hundreds of ransomware detections in June alone. However, the Midyear Report offers valuable insight into the ways in which ransomware groups are operating – not only updating their tools and techniques to extract data more efficiently, but also adapting their business models.

Earlier this year Trend Micro researchers discovered a new ransomware that uses legitimate search engine tools to search for files to encrypt. Investigation into this new ransomware, which researchers named ‘Mimic’, suggests a connection with the larger and more notorious Conti ransomware group. It’s suspected that collaboration between these criminal groups helps those lower costs and increase their market presence while also maintaining the efficacy of their criminal activities.

According to the report, many ransomware players are also turning their data exfiltration efforts toward tactics such as cryptocurrency theft and business email compromise (BEC).

Another key trend that emerged in the first half of 2023 was the use of AI by cybercriminals to carry out virtual crimes more efficiently. A significant number of Nigerian businesses have implemented AI in some form in a bid to elevate their operations – but they aren’t the only ones.

Recently, malicious actors have abused AI technology to accurately impersonate real people as part of their attacks and scams. In fact, imposter scams such as virtual kidnapping are becoming increasingly rampant globally.

In the case of virtual kidnapping, malicious actors are able to create a deepfake voice of their victim’s child and use it as proof that they have the child in their possession to pressure the victim into sending large ransom amounts.

At the same time, ChatGPT and other AI tools are enabling criminals to automate the gathering of information, formation of target groups, and identification of vulnerable behaviours.

READ ALSO: Trend micro looks to close skills gap with innovative training programme

With AI tools becoming increasingly adept at creating text that can seem human-crafted, the effort needed to attack executives has been drastically reduced, making the targeting of hundreds of thousands of executives easier than ever before.

As innovations continue to evolve and involve more data, threat actors have also been finding more ways to victimise people. For example, today’s connected cars contain over 100 million lines of code, giving smart functionality to the user but also opening doors to hackers. As more smart cars saturate the market, attackers will try to gain access to user account data and leverage it for crimes.

By hijacking or stealing such an account via phishing for credentials or installing malware, a cyber-criminal could locate the car, break into it and potentially sell it on for parts or follow-on crimes. They might even be able to locate the owner’s home address and target it for burglary when they’re not in.

Threat actors have also been casting a wider net by leveraging vulnerabilities in smaller platforms for more specific targets, such as file transfer service MOVEit, business communications software 3CX, and print management software solution PaperCut.